[APSB25-71] Security Patch Release for Adobe Commerce & Magento Open Source Platforms

August 14, 2025 Rajesh Prajapati Magento

The security patch identified as APSB25-71 was released by Adobe on August 12, 2025, with a priority level of 2.

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB25-71 | August 12, 2025 | 2 |

What does “Priority 2” mean for Magento security patches?

When Magento releases a Priority 2 patch, it means:

  • There’s a security issue, but it’s not very serious or urgent.
  • The problem could be used by attackers, but it’s not easy or likely to happen right away.
  • It might cause some data exposure or small issues, but not major damage.
  • You should install the patch soon, but it’s not an emergency like a Priority 1 patch.

In short, Priority 2 means there’s a moderate risk. You should fix it soon to stay safe, but there’s no need to panic.

Overview of APSB25-71 Security Patch:

  • This update fixes major security problems in Magento.
  • Installing this update helps protect your server from hackers, keeps your data safe, and secures your online store.
  • Adobe fixed these issues early, and no attacks have happened yet — but it’s smart to update now to avoid possible risks later.

Information about security weaknesses for Adobe Commerce, Adobe Commerce B2B, and Magento Open Source.

The table below lists each vulnerability category with its CWE (Common Weakness Enumeration) number and the impact it can have on the system. Each security issue is rated as either critical or important.

| Vulnerability Category | Vulnerability Impact |
|---|---|
| Improper Input Validation (CWE-20) | Application denial-of-service |
| Cross-Site Request Forgery (CSRF) (CWE-352) | Privilege escalation |
| Incorrect Authorization (CWE-863) | Arbitrary file system read |
| Cross-site Scripting (Stored XSS) (CWE-79) | Privilege escalation |
| Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) | Security feature bypass |
| Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22) | Security feature bypass |

Affected Versions & Recommended Fixes:

The easy fix is to update Adobe Commerce, Adobe Commerce B2B, and Magento Open Source to the latest versions recommended by Adobe.

Since each version has a priority 2 rating, you should update it within a few days.

Adobe Commerce

Affected versions:

  • 2.4.9-alpha1
  • 2.4.8-p1 and earlier
  • 2.4.7-p6 and earlier
  • 2.4.5-p11 and earlier
  • 2.4.4-p13 and earlier
  • 2.4.4-p14 and earlier

Updated versions:

  • 2.4.9-alpha2
  • 2.4.8-p2
  • 2.4.7-p7
  • 2.4.6-p12
  • 2.4.5-p14
  • 2.4.4-p15

Adobe Commerce B2B

Affected versions:

  • 1.5.3-alpha1
  • 1.5.2-p1 and earlier
  • 1.4.2-p6 and earlier
  • 1.3.5-p11 and earlier
  • 1.3.4-p13 and earlier
  • 1.3.3-p14 and earlier

Updated versions:

  • 1.5.3-alpha2
  • 1.5.2-p2
  • 1.4.2-p7
  • 1.3.4-p14
  • 1.3.3-p15

Magento Open Source

Affected versions:

  • 2.4.9-alpha1
  • 2.4.8-p1 and earlier
  • 2.4.7-p6 and earlier
  • 2.4.6-p11 and earlier
  • 2.4.5-p13 and earlier

Updated versions:

  • 2.4.9-alpha2
  • 2.4.8-p2
  • 2.4.7-p7
  • 2.4.6-p12
  • 2.4.5-p14

The best thing to do is update your versions to prevent any problems that could harm your store. So, before doing anything else, make updating your first priority.
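To triage a fleet of stores against the Updated Version column above, the following Python check compares an installed version string with the fixed build for its release line. It is an added example, not code from Adobe or from the original post; the `parse` and `check` helpers, the suffix ordering, and the sample inventory are assumptions made for illustration.

```python
import re

# "Updated Version" column of the table above, per product.
FIXED = {
    "Adobe Commerce": ["2.4.9-alpha2", "2.4.8-p2", "2.4.7-p7",
                       "2.4.6-p12", "2.4.5-p14", "2.4.4-p15"],
    "Adobe Commerce B2B": ["1.5.3-alpha2", "1.5.2-p2", "1.4.2-p7",
                           "1.3.4-p14", "1.3.3-p15"],
    "Magento Open Source": ["2.4.9-alpha2", "2.4.8-p2", "2.4.7-p7",
                            "2.4.6-p12", "2.4.5-p14"],
}

# Assumption: within one release line, alpha < beta < rc < GA < -p1 < -p2 ...
RANK = {"alpha": 0, "beta": 1, "rc": 2, "p": 3}
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:-(alpha|beta|rc|p)(\d+))?$")


def parse(version):
    """'2.4.7-p6' -> ('2.4.7', (3, 6)); a bare '2.4.8' counts as patch level 0."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    line, kind, num = m.groups()
    level = (RANK[kind], int(num)) if kind else (RANK["p"], 0)
    return line, level


def check(product, installed):
    """Return 'affected', 'patched' or 'no fix listed' for an installed version."""
    line, level = parse(installed)
    for fixed in FIXED[product]:
        fixed_line, fixed_level = parse(fixed)
        if fixed_line == line:
            return "patched" if level >= fixed_level else "affected"
    # Release line absent from the Updated Version column: the page names no
    # fixed build for it, so it must not be reported as safe.
    return "no fix listed"


if __name__ == "__main__":
    # Constructed inventory; real values come from `bin/magento --version`.
    inventory = [("Magento Open Source", "2.4.7-p6"),
                 ("Adobe Commerce", "2.4.8-p2"),
                 ("Adobe Commerce B2B", "1.3.5-p11")]
    for product, version in inventory:
        print(f"{product} {version}: {check(product, version)}")
```

A result of `no fix listed` means the release line has no entry in the Updated Version column, so that store needs a manual check against Adobe's bulletin.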
